Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

00dfc40888...0d.exe

windows7-x64

10

00dfc40888...0d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00dfc408880007275933567dc343ab0d.exe

  • Size

    120KB

  • MD5

    00dfc408880007275933567dc343ab0d

  • SHA1

    f8a23cdc8043c19cd3971df468154459684def59

  • SHA256

    37aca0e15afb37c747d8ad9da34e53bf5e028e2c719cb66da79131114a44fd12

  • SHA512

    e99c4d0d30f4a9609967aefd718fba1190f3cc49464d2ece93e7632a8ac35e71d85a1270d1c6924e06d565f8faf38931ef132ad65dc88d91d928c9a56e08101e

  • SSDEEP

    1536:6TvMEQettA+M0KuPe+cq2+VbM5dtO2XhXTOkIHzEHPjzVddnSlv3Q:6bDA+Mp+P2Rs2R0HgHPjztS+

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00dfc408880007275933567dc343ab0d.exe
    "C:\Users\Admin\AppData\Local\Temp\00dfc408880007275933567dc343ab0d.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\pikiz.exe
      "C:\Users\Admin\pikiz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\pikiz.exe
    Filesize

    120KB

    MD5

    4157d602dadb022422963bdd36526c9a

    SHA1

    bd16765a5a1d20ad9411b6cb53c168b9a357794f

    SHA256

    278b397f0701dd896313b75ae0735029cb995ba45c3e7b9a4a05f754add43a31

    SHA512

    2a1425b5dce29ebaf61851486f29e42cdcf14bb72411b90354368e0f52853e277312ad4c1339f5f90716a5be73ed76be7affbccd84c4ea8beb1068a49d2c1794

    Download Submit